This project aims at designing and implementing a comprehensive framework for hardening the security and privacy of healthcare data acquired by Internet of Things (IoT) devices. The project is the result of an international collaboration involving both academia (Qatar University and Washington University in Saint Louis, USA) and local industry (Hamad Medical Corporation Ambulance Service, HMCAS). It is believed that IoT will prove disruptive for modern healthcare. Indeed, it has the potential to save crucial minutes in the diagnosis and treatment of critical, hospitalized or ambulance-bound patients, which could mean the difference between life and death, or between severe disability and a return to health. Besides wireless devices, IoT in healthcare will increasingly rely on cloud technology for vast storage and analytics. Moreover, with the ubiquitous deployment of IoT-driven healthcare networks, healthcare professionals can look forward to improved outcomes, lower costs and increased access to healthcare. Cyber security will be a key issue in such highly connected healthcare. In 2015, healthcare was the most attacked industry, with 90% of hospitals reporting being targeted by cyber-criminals in the preceding two years. As the use of wireless technology grows, so will the risk of malicious intrusions and information theft. A case in point is a cyber-extortion scenario: given the Qatari population's propensity to cardiovascular disease, an extortionist who introduced malicious code into the devices of seriously ill cardiovascular patients could threaten to kill them and demand a ransom from the hospital concerned. We propose to follow an innovative multi-pronged strategy consisting of physical layer security, cryptographic techniques, and deep learning cyber-security solutions. Both data at rest and data in motion will be strongly protected.
Attack and anomaly detection must consider hundreds of indicators and interaction patterns across thousands of sensors and servers on a continuous basis. This big data is multidimensional and complex, with patterns that are not evident under traditional analysis. Although IoT is potentially revolutionary, the main hindrance to the adoption of IoT innovations in healthcare is cyber-security. Distributed deep learning on IoT, edge and core clouds, coupled with innovative physical layer security at the devices, is a novel effort that will tilt the balance in favor of the benefits of IoT in healthcare over its risks. Finally, this project will initiate a long-term collaboration with HMCAS to transfer cyber-security awareness to the healthcare system of Qatar. HMCAS personnel will have the opportunity to learn and apply cutting-edge cyber-security solutions and best practices, significantly reducing the risk of cyber-security attacks on the Qatar healthcare system.

In order to ensure the security of cloud computing, the first step is to assess and understand the effectiveness of existing cloud security controls and architectures. A major issue in the development of resilient and secure cloud computing is the lack of well-established security metrics, attack models, and security risk assessment methodologies, which are necessary to determine the effectiveness of security mechanisms and protocols, to assess the impact of combined vulnerabilities, and to enhance security based on these analyses. The overall objective of this research is to address the aforementioned challenges by developing novel attack and defense modeling methods and security metrics, and ultimately to incorporate these methods, models and metrics together in a security risk assessment framework and tool. The framework and tool will enable security decision makers in organizations to assess the security risk of cloud computing in a scalable and adaptive manner, more efficiently and effectively than existing methods. To achieve the objective of this research, we attempt to develop: (i) a security assessment framework for cloud computing under cyber threats and security controls, via well-defined security models, metrics and measurement; (ii) novel defense mechanisms (e.g., moving target defenses in software defined networks) to dramatically enhance the security of cloud computing against known and unknown cyber threats; and (iii) a user-friendly security risk assessment tool to analyze and visualize the security posture of cloud computing systems. This tool is expected to aid security decision makers in assessing the security risk of cloud computing, and in formulating the best security controls, practices, and guidelines for any organization using cloud computing.

Secure operation of computer systems traditionally hinges on the trustworthiness of system software layers, such as operating system kernels and virtual machine monitors. However, recent trends show a growing number of vulnerabilities in these software layers, and an increasing willingness and capability of attackers to exploit these vulnerabilities in order to compromise the system software. This work investigates hardware-software architectures for protecting critical application secrets in the presence of compromised system software layers. Specifically, our investigations will center on two approaches: 1) hardening memory access control mechanisms and decoupling them from resource management, and 2) supporting isolated execution environments for storing and manipulating secrets.

Cloud data storage systems have different architectures from traditional storage systems for computing devices. The reliability of traditional computing storage systems focuses on reducing the number of permanent disk and storage system failures (or APR, the annual replacement rate, which is normally between 2% and 4%). In cloud file systems, on the other hand, the most critical operations for performance are recovery from correlated burst failures and degraded reads of temporarily unavailable data. When data is temporarily unavailable, reads become degraded because the unavailable data must be reconstructed from available data using erasure codes. To improve the performance of degraded reads, it is important to lower I/O costs in erasure-coded systems, i.e., to reduce the number of disks that must be read in order to recover the unavailable data. This is equivalent to reducing the number of nonzero elements in the parity check matrix (equivalently, the generator matrix) of the underlying erasure codes. To address the challenge of recovery from correlated burst failures, it is necessary to use erasure codes that tolerate more faults. The first innovation of this project will focus on innovative coding techniques that lead to significant gains in efficiency and reliability for current distributed cloud storage systems. These techniques address the challenges in cloud storage systems by improving the performance of degraded reads (by reducing I/O costs in erasure-coded systems) and by improving recovery from correlated burst failures (by tolerating more errors in erasure-coded systems). Because of the distributed architecture of cloud storage systems, federal governments, business users, and individual users are strongly uncomfortable storing their data (such as tax records or business-critical data) on cloud servers, since the actual server could be located in another country such as India. Thus government agencies and corporate users have started to require that their data remain within their geographic control. The second innovation of this project is to develop fundamentally new schemes for privacy-preserving XaaS (anything as a Service) for cloud computing environments. The proposed technologies will give a complete solution to cloud computing privacy challenges while retaining the advantages and benefits of moving data to cloud platforms. Specifically, secret sharing based schemes and random linear code based solutions will be developed for cloud data storage so that users can store their encrypted data in distributed cloud storage systems and remotely perform privacy-preserving computations on their encrypted data in the cloud without privacy concerns.
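The two mechanisms this abstract relies on, degraded reads over an erasure code and secret sharing for privacy-preserving storage, as an added worked example that is not part of the project's own code. It models a systematic Reed-Solomon-style code and Shamir (t, n) secret sharing over the small prime field GF(257) (an assumption chosen so that byte values fit; a deployment would use a larger field or GF(2^8) arithmetic), shares one Lagrange-interpolation helper between them, and reports how many surviving symbols ("disks") each repair must read, alongside the nonzero count of the parity-check row that drives that cost. The sample bytes, the group layout for the local XOR parity, and the share parameters are constructed for illustration.

```python
# Added example (not the project's code): erasure-coded degraded reads and
# Shamir secret sharing over the prime field GF(257), where every byte is an
# element. Sample data, group layout and parameters are constructed here.
import random

P = 257  # prime modulus (assumption): chosen so byte values 0..255 fit


def _inv(a):
    """Multiplicative inverse in GF(P) via Fermat's little theorem."""
    return pow(a, P - 2, P)


def lagrange_at(points, x):
    """Evaluate, at x, the unique polynomial of degree < len(points) through
    points = [(xi, yi), ...]. Shared by the erasure decoder and the
    secret-sharing combiner: both are polynomial reconstruction."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * _inv(den)) % P
    return total


# --- Erasure coding: systematic Reed-Solomon-style code, any k of n suffice ---
def rs_encode(data, n):
    """Keep the k data symbols unchanged at positions 0..k-1 and fill
    positions k..n-1 with evaluations of the interpolating polynomial."""
    points = list(enumerate(data))
    return list(data) + [lagrange_at(points, i) for i in range(len(data), n)]


def rs_degraded_read(available, k, missing):
    """Degraded read: pick any k surviving symbols (dict position -> value),
    interpolate, evaluate at the missing position.
    Returns (recovered value, number of disks read)."""
    chosen = sorted(available.items())[:k]
    if len(chosen) < k:
        raise ValueError("fewer than k symbols survive; data is unrecoverable")
    return lagrange_at(chosen, missing), len(chosen)


def rs_parity_row(k, x):
    """Parity-check row for parity position x: parity = sum(c_i * d_i), so the
    row [c_0 .. c_{k-1}, -1] is dense and a repair touches all k data disks."""
    row = []
    for i in range(k):
        num, den = 1, 1
        for j in range(k):
            if i != j:
                num = num * (x - j) % P
                den = den * (i - j) % P
        row.append(num * _inv(den) % P)
    return row + [P - 1]  # P - 1 represents -1 in GF(P)


def nonzeros(row):
    """Disks a repair through this parity equation must read."""
    return sum(1 for c in row if c % P != 0)


# --- Local XOR parity: a sparse parity row makes degraded reads cheaper ---
def xor_parity(group):
    p = 0
    for v in group:
        p ^= v
    return p


def local_degraded_read(surviving, parity):
    """Rebuild one lost byte of a group of r data bytes from the other r-1
    bytes plus the group's XOR parity: r disks read instead of k."""
    return xor_parity(surviving) ^ parity, len(surviving) + 1


# --- Privacy-preserving storage: Shamir (t, n) secret sharing over GF(P) ---
def shamir_split(secret, t, n, rng=random):
    """Random polynomial of degree t-1 with f(0) = secret; share i is (i, f(i)).
    Any t shares reconstruct the secret; t-1 shares are consistent with every
    possible secret, so a single cloud provider learns nothing from its share."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t - 1)]

    def f(x):
        return sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P

    return [(i, f(i)) for i in range(1, n + 1)]


def shamir_combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret from t shares."""
    return lagrange_at(shares, 0)


if __name__ == "__main__":
    data = [72, 101, 108, 108]                 # constructed sample bytes
    code = rs_encode(data, 6)                  # k = 4 data + 2 parity symbols
    survivors = {i: v for i, v in enumerate(code) if i != 2}
    print("RS degraded read:", rs_degraded_read(survivors, 4, 2))       # (108, 4)
    print("dense parity row nonzeros:", nonzeros(rs_parity_row(4, 4)))  # 5
    print("local XOR repair:", local_degraded_read([72], xor_parity([72, 101])))  # (101, 2)
    shares = shamir_split(200, 3, 5, random.Random(1))
    print("secret from 3 of 5 shares:", shamir_combine(shares[1:4]))    # 200
```

The contrast to look at is the two repair paths: the global Reed-Solomon parity row has k+1 nonzero entries, so rebuilding one lost symbol through it reads k disks, whereas the local XOR parity over a group of r symbols has r+1 nonzeros and reads only r. That is exactly the "fewer nonzero elements in the parity check matrix" lever the paragraph describes, bought at the price of extra local parity. The Shamir half shows the privacy side: each provider holds one evaluation of a random polynomial, and only a threshold of them together can interpolate the secret back.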

This project aims to develop a new secure computer model called the Garbled Computer (GC). An adversary observing the computations of a GC learns nothing about what it is doing, what data it is operating on (whether inputs or intermediate values), or the outputs it is producing. The GC achieves, using a single general approach, the multiple goals of software obfuscation, tamper-proofing, data confidentiality and data integrity. The GC enables execution, on untrusted platforms, of trusted and confidential code whose inputs and outputs are sensitive. For example, it can enable the use of Amazon cloud services without revealing to Amazon the nature of the computation or the data, and without requiring Amazon to change the operation of its cloud services (i.e., using standard off-the-shelf services).